public DomainRepositoryExecutorWithRandomizedDuration(
IDomainRepositoryExecutor innerDomainRepositoryExecutor,
IExecutionDurationRandomizerScopeManager taskDurationRandomizerScopeManager,
RandomizedExecutionDuration duration
)
{
_innerDomainRepositoryExecutor = innerDomainRepositoryExecutor;
_executionDurationRandomizerScopeManager = taskDurationRandomizerScopeManager;
_duration = duration;
}
/// <summary>
/// Prevents execution completing before a random duration has elapsed by padding the
/// execution time using <see cref="Task.Delay"/>. This can help mitigate against time-based
/// enumeration attacks by extending the exection duration beyond the expected bounds
/// of the query or command completion time. For example, this could be used to mitigate harvesting
/// of valid usernames from login or forgot password pages by measuring the response times.
/// </summary>
/// <param name="duration">
/// The parameters to use in extending the duration.
/// </param>
public static TRepository WithRandomDuration <TRepository>(
this TRepository repository,
RandomizedExecutionDuration duration
)
where TRepository : IDomainRepository
{
var extendedContentRepositry = repository.AsExtendableContentRepository();
var executionDurationRandomizerScopeManager = extendedContentRepositry.ServiceProvider.GetRequiredService <IExecutionDurationRandomizerScopeManager>();
return((TRepository)extendedContentRepositry.WithExecutor(executor => new DomainRepositoryExecutorWithRandomizedDuration(executor, executionDurationRandomizerScopeManager, duration)));
}
public IExecutionDurationRandomizerScope Create(RandomizedExecutionDuration duration)
{
if (_executionDurationRandomizerScope == null)
{
_executionDurationRandomizerScope = new ExecutionDurationRandomizerScope(_executionDurationRandomizerSettings);
_executionDurationRandomizerScope.UpdateDuration(duration);
}
else
{
_executionDurationRandomizerScope.UpdateDuration(duration);
return(new ChildExecutionDurationRandomizerScope());
}
return(_executionDurationRandomizerScope);
}